326 matches found
CVE-2013-4609
REDCap exposes a logic-evaluation weakness: versions before 5.0.4 and 5.1.x before 5.1.3 do not reject undocumented syntax in branching logic and calculations, enabling remote authenticated users to bypass access controls via the Online Designer or Data Dictionary upload (demonstrated by an eval ...
CVE-2012-6564
CVE-2012-6564 describes a cross-site scripting (XSS) vulnerability in REDCap prior to 4.14.5. The affected component is the REDCap web application; the root cause is an XSS flaw that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The available documents do...
CVE-2013-4612
The CVE-2013-4612 entry concerns REDCap prior to version 5.1.0, with multiple cross-site scripting (XSS) vulnerabilities. The reports indicate remote attackers could inject arbitrary web script/HTML via unspecified vectors across different modules. The connected documents confirm the affected pr...
CVE-2012-6566
CVE-2012-6566 describes a cross-site scripting (XSS) vulnerability in REDCap prior to 4.14.2 that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The affected software is REDCap; the root cause is an XSS flaw in versions before 4.14.2. Exploitation details ...
CVE-2012-6567
REDCap before 4.14.0 is affected: remote authenticated users can execute arbitrary commands via shell metacharacters in the logic of a custom rule. The root cause is unsafely evaluated shell constructs in rule logic, enabling command execution with authenticated access. Connectivity details or in...
CVE-2013-4610
CVE-2013-4610 affects the Data Search utility in REDCap data-entry forms, specifically REDCap before 5.0.3 and 5.1.x before 5.1.2. The impact is not specified in the sources, and there are no public exploitation details provided in the connected documents. No remediation or fix versions are descr...